VYPR

Vendor CVEs

Red Hat

All CVEs

3,692 total · sorted by risk
  • CVE-2025-12805HigMar 26, 2026
    risk 0.53cvss 8.1epss 0.00

    A flaw was found in Red Hat OpenShift AI (RHOAI) llama-stack-operator. This vulnerability allows unauthorized access to Llama Stack services deployed in other namespaces via direct network requests, because no NetworkPolicy restricts access to the llama-stack service endpoint.…

  • CVE-2026-0966HigMar 26, 2026
    risk 0.53cvss 8.2epss 0.01

    A flaw was found in libssh. The API function `ssh_get_hexa()` is vulnerable to a denial of service when processing zero-length input. This can be exploited remotely by an attacker during GSSAPI (Generic Security Service Application Program Interface) authentication if the…

  • CVE-2025-3528HigMay 9, 2025
    risk 0.53cvss 8.2epss 0.00

    A flaw was found in the Mirror Registry. The quay-app container shipped as part of the Mirror Registry for OpenShift has write access to the `/etc/passwd`. This flaw allows a malicious actor with access to the container to modify the passwd file and elevate their privileges to…

  • CVE-2025-1801HigMar 3, 2025
    risk 0.53cvss 8.1epss 0.00

    A flaw was found in the Ansible aap-gateway. Concurrent requests handled by the gateway grpc service can result in concurrency issues due to race condition requests against the proxy. This issue potentially allows a less privileged user to obtain the JWT of a greater privileged…

  • CVE-2024-1657HigApr 25, 2024
    risk 0.53cvss 8.1epss 0.00

    A flaw was found in the ansible automation platform. An insecure WebSocket connection was being used in installation from the Ansible rulebook EDA server. An attacker that has access to any machine in the CIDR block could download all rulebook data from the WebSocket, resulting…

  • CVE-2023-6779HigJan 31, 2024
    risk 0.53cvss 8.2epss 0.03

    An off-by-one heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a message bigger than INT_MAX bytes, leading to an…

  • CVE-2017-2627HigAug 22, 2018
    risk 0.53cvss 8.2epss 0.01

    A flaw was found in openstack-tripleo-common as shipped with Red Hat Openstack Enterprise 10 and 11. The sudoers file as installed with OSP's openstack-tripleo-common package is much too permissive. It contains several lines for the mistral user that have wildcards that allow…

  • CVE-2018-1000301CriMay 24, 2018
    risk 0.53cvss 9.1epss 0.06

    curl version curl 7.20.0 to and including curl 7.59.0 contains a CWE-126: Buffer Over-read vulnerability in denial of service that can result in curl can be tricked into reading data beyond the end of a heap based buffer used to store downloaded RTSP content.. This vulnerability…

  • CVE-2016-9606HigMar 9, 2018
    risk 0.53cvss 8.1epss 0.06

    JBoss RESTEasy before version 3.1.2 could be forced into parsing a request with YamlProvider, resulting in unmarshalling of potentially untrusted data which could allow an attacker to execute arbitrary code with RESTEasy application permissions.

  • CVE-2017-15135HigJan 24, 2018
    risk 0.53cvss 8.1epss 0.04

    It was found that 389-ds-base since 1.3.6.1 up to and including 1.4.0.3 did not always handle internal hash comparison operations correctly during the authentication process. A remote, unauthenticated attacker could potentially use this flaw to bypass the authentication process…

  • CVE-2017-15114HigNov 27, 2017
    risk 0.53cvss 8.1epss 0.02

    When libvirtd is configured by OSP director (tripleo-heat-templates) to use the TLS transport it defaults to the same certificate authority as all non-libvirtd services. As no additional authentication is configured this allows these services to connect to libvirtd (which is…

  • CVE-2017-1000256HigOct 31, 2017
    risk 0.53cvss 8.1epss 0.02

    libvirt version 2.3.0 and later is vulnerable to a bad default configuration of "verify-peer=no" passed to QEMU by libvirt resulting in a failure to validate SSL/TLS certificates by default.

  • CVE-2017-13082HigOct 17, 2017
    risk 0.53cvss 8.1epss 0.05

    Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11r allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the fast BSS transmission (FT) handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.

  • CVE-2016-5018CriAug 10, 2017
    risk 0.53cvss 9.1epss 0.10

    In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 a malicious web application was able to bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applications.

  • CVE-2017-10078HigAug 8, 2017
    risk 0.53cvss 8.1epss 0.02

    Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Scripting). The supported version that is affected is Java SE: 8u131. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise Java SE.…

  • CVE-2017-7668HigJun 20, 2017
    risk 0.53cvss 7.5epss 0.57

    The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token() to search past the end of its input string. By maliciously crafting a sequence of request headers, an attacker may be able to cause a…

  • CVE-2017-5035HigApr 24, 2017
    risk 0.53cvss 8.1epss 0.01

    Google Chrome prior to 57.0.2987.98 for Windows and Mac had a race condition, which could cause Chrome to display incorrect certificate information for a site.

  • CVE-2016-5386HigJul 19, 2016
    risk 0.53cvss 8.1epss 0.05

    The net/http package in Go through 1.6 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to…

  • CVE-2016-3707HigJun 27, 2016
    risk 0.53cvss 8.1epss 0.03

    The icmp_check_sysrq function in net/ipv4/icmp.c in the kernel.org projects/rt patches for the Linux kernel, as used in the kernel-rt package before 3.10.0-327.22.1 in Red Hat Enterprise Linux for Real Time 7 and other products, allows remote attackers to execute SysRq commands…

  • CVE-2016-3698HigJun 13, 2016
    risk 0.53cvss 8.1epss 0.04

    libndp before 1.6, as used in NetworkManager, does not properly validate the origin of Neighbor Discovery Protocol (NDP) messages, which allows remote attackers to conduct man-in-the-middle attacks or cause a denial of service (network connectivity disruption) by advertising a…

  • CVE-2016-0376HigJun 3, 2016
    risk 0.53cvss 8.1epss 0.06

    The com.ibm.rmi.io.SunSerializableFactory class in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) does not properly deserialize classes in…

  • CVE-2016-0363HigJun 3, 2016
    risk 0.53cvss 8.1epss 0.04

    The com.ibm.CORBA.iiop.ClientDelegate class in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) uses the invoke method of the…

  • CVE-2016-1714HigApr 7, 2016
    risk 0.53cvss 8.1epss 0.06

    The (1) fw_cfg_write and (2) fw_cfg_read functions in hw/nvram/fw_cfg.c in QEMU before 2.4, when built with the Firmware Configuration device emulation support, allow guest OS users with the CAP_SYS_RAWIO privilege to cause a denial of service (out-of-bounds read or write access…

  • CVE-2016-0793HigApr 1, 2016
    risk 0.53cvss 7.5epss 0.16

    Incomplete blacklist vulnerability in the servlet filter restriction mechanism in WildFly (formerly JBoss Application Server) before 10.0.0.Final on Windows allows remote attackers to read the sensitive files in the (1) WEB-INF or (2) META-INF directory via a request that…

  • CVE-2016-0636HigMar 24, 2016
    risk 0.53cvss 8.1epss 0.06

    Unspecified vulnerability in Oracle Java SE 7u97, 8u73, and 8u74 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to the Hotspot sub-component.

  • CVE-2011-3188CriMay 24, 2012
    risk 0.53cvss 9.1epss 0.06

    The (1) IPv4 and (2) IPv6 implementations in the Linux kernel before 3.1 use a modified MD4 algorithm to generate sequence numbers and Fragment Identification values, which makes it easier for remote attackers to cause a denial of service (disrupted networking) or hijack network…

  • CVE-2011-2189HigOct 10, 2011
    risk 0.53cvss 7.5epss 0.18

    net/core/net_namespace.c in the Linux kernel 2.6.32 and earlier does not properly handle a high rate of creation and cleanup of network namespaces, which makes it easier for remote attackers to cause a denial of service (memory consumption) via requests to a daemon that requires…

  • CVE-2010-0013HigJan 9, 2010
    risk 0.53cvss 7.5epss 0.13

    Directory traversal vulnerability in slp.c in the MSN protocol plugin in libpurple in Pidgin 2.6.4 and Adium 1.3.8 allows remote attackers to read arbitrary files via a .. (dot dot) in an application/x-msnmsgrp2p MSN emoticon (aka custom smiley) request, a related issue to…

  • CVE-2007-1285HigMar 6, 2007
    risk 0.53cvss 7.5epss 0.18

    The Zend Engine in PHP 4.x before 4.4.7, and 5.x before 5.2.2, allows remote attackers to cause a denial of service (stack exhaustion and PHP crash) via deeply nested arrays, which trigger deep recursion in the variable destruction routines.

  • CVE-2026-4480CriMay 26, 2026
    risk 0.52cvss 9.0epss 0.13

    A flaw was found in the Samba printing subsystem. Samba passes the client-controlled job description string to the command configured with the "print command" setting via the "%J" substitution character without escaping shell meta characters. A remote attacker could exploit this…

  • CVE-2025-13888CriDec 15, 2025
    risk 0.52cvss 9.1epss 0.01

    A flaw was found in OpenShift GitOps. Namespace admins can create ArgoCD Custom Resources (CRs) that trick the system into granting them elevated permissions in other namespaces, including privileged namespaces. An authenticated attacker can then use these elevated permissions…

  • CVE-2025-10622HigNov 5, 2025
    risk 0.52cvss 8.0epss 0.01

    A flaw was found in Red Hat Satellite (Foreman component). This vulnerability allows an authenticated user with edit_settings permissions to achieve arbitrary command execution on the underlying operating system via insufficient server-side validation of command whitelisting.

  • CVE-2016-7070HigSep 11, 2018
    risk 0.52cvss 8.0epss 0.01

    A privilege escalation flaw was found in the Ansible Tower. When Tower before 3.0.3 deploys a PostgreSQL database, it incorrectly configures the trust level of postgres user. An attacker could use this vulnerability to gain admin level access to the database.

  • CVE-2016-8610HigNov 13, 2017
    risk 0.52cvss 7.5epss 0.40

    A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive…

  • CVE-2016-9131HigJan 12, 2017
    risk 0.52cvss 7.5epss 0.41

    named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and 9.11.x before 9.11.0-P2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed response to an RTYPE ANY query.

  • CVE-2016-1661HigMay 14, 2016
    risk 0.52cvss 8.0epss 0.01

    Blink, as used in Google Chrome before 50.0.2661.94, does not ensure that frames satisfy a check for the same renderer process in addition to a Same Origin Policy check, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified…

  • CVE-2016-2105HigMay 5, 2016
    risk 0.52cvss 7.5epss 0.40

    Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary data.

  • CVE-2026-54228HigJun 13, 2026
    risk 0.51cvss 7.8epss 0.00

    A time-of-check time-of-use (TOCTOU) race condition was found in the abrt-dbus D-Bus service's SetElement method. Between dump directory creation and post-create event execution, any local user can call SetElement to write arbitrary text files into the root-owned dump directory,…

  • CVE-2026-50264HigJun 5, 2026
    risk 0.51cvss 7.8epss 0.00

    An out-of-bounds write flaw was found in the X.Org X server and Xwayland in DRIGetBuffers/DRIGetBuffersWithFormat. A client that requests multiple DRI2BufferBackLeft attachments and one DRI2BufferFrontLeft can trigger an out-of-bounds heap write. This may be used to crash the…

  • CVE-2026-50261HigJun 5, 2026
    risk 0.51cvss 7.8epss 0.00

    A use-after-free flaw was found in the X.Org X server and Xwayland in SyncChangeCounter(). A client that sets up multiple SyncCounters can trigger a use-after-free when destroying those counters via a second client connection while changing those counters. This may be used to…

  • CVE-2026-50260HigJun 5, 2026
    risk 0.51cvss 7.8epss 0.00

    A use-after-free flaw was found in the X.Org X server and Xwayland in FreeCounter(). A client that sets up multiple SyncCounters and awaits on those triggers can trigger a use-after-free when destroying those counters via a second client connection. This may be used to crash the…

  • CVE-2026-50258HigJun 5, 2026
    risk 0.51cvss 7.8epss 0.00

    A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. The X server has multiple stack buffers sized XkbMaxShiftLevel * XkbNumKbdGroups but CheckKeyTypes() does not verify or clamp non-canonical key types to XkbMaxShiftLevel. A client can change key…

  • CVE-2026-50257HigJun 5, 2026
    risk 0.51cvss 7.8epss 0.00

    A use-after-free flaw was found in the X.Org X server and Xwayland in miSyncDestroyFence(). A client that sets up multiple fence triggers can trigger a use-after-free function pointer call. An attacker would connect to the X server to set up a fence and await that fence, then a…

  • CVE-2026-50256HigJun 5, 2026
    risk 0.51cvss 7.8epss 0.00

    A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. A mismatch between the X server and the libXfont2 library's maximum font name length can cause a stack buffer overflow during font alias resolution. The server allocates a 256 byte stack buffer but…

  • CVE-2026-48864HigMay 26, 2026
    risk 0.51cvss 7.8epss 0.00

    A flaw was found in libsolv. This heap buffer overflow occurs during the decompression of attacker-controlled compressed data within `.solv` files due to insufficient input validation. An attacker can provide a specially crafted `.solv` file, which, when processed by a…

  • CVE-2026-6846HigApr 22, 2026
    risk 0.51cvss 7.8epss 0.00

    A flaw was found in binutils. A heap-buffer-overflow vulnerability exists when processing a specially crafted XCOFF (Extended Common Object File Format) object file during linking. A local attacker could trick a user into processing this malicious file, which could lead to…

  • CVE-2025-14821HigApr 7, 2026
    risk 0.51cvss 7.8epss 0.00

    A flaw was found in libssh. This vulnerability allows local man-in-the-middle attacks, security downgrades of SSH (Secure Shell) connections, and manipulation of trusted host information, posing a significant risk to the confidentiality, integrity, and availability of SSH…

  • CVE-2026-4775HigMar 24, 2026
    risk 0.51cvss 7.8epss 0.01

    A flaw was found in the libtiff library. A remote attacker could exploit a signed integer overflow vulnerability in the putcontig8bitYCbCr44tile function by providing a specially crafted TIFF file. This flaw can lead to an out-of-bounds heap write due to incorrect memory pointer…

  • CVE-2025-8941HigAug 13, 2025
    risk 0.51cvss 7.8epss 0.00

    A flaw was found in linux-pam. The pam_namespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a "complete" fix for CVE-2025-6020.

  • CVE-2025-26601HigFeb 25, 2025
    risk 0.51cvss 7.8epss 0.00

    A use-after-free flaw was found in X.Org and Xwayland. When changing an alarm, the values of the change mask are evaluated one after the other, changing the trigger values as requested, and eventually, SyncInitTrigger() is called. If one of the changes triggers an error, the…

Page 9 of 74